DH prime generation taking a long time

Simon Josefsson simon at josefsson.org
Fri Oct 15 11:11:43 CEST 2010

Nikos Mavrogiannopoulos <nmav at gnutls.org> writes:

> On Thu, Oct 14, 2010 at 10:34 PM, Simon Josefsson <simon at josefsson.org> wrote:
>>> The nettle code shouldn't have caused multiple reads to /dev/*random. It
>>> reads 32 bytes on initialization from /dev/urandom and will read some
>>> more after few hours. Which test causes this delay?
>> Newly committed self-test tests/gendh.c triggers it too.  Running strace
>> on it reveals it is calling time() a lot, which suggests it is spending
>> time in nettle/rnd.c.  This is with GnuTLS built with Nettle as backend.
> But do these calls actually cause a/the delay or the prime generation?

Nope, false alarm.  It is GMP operations that is taking time because of 

      ret = mpz_probab_prime_p (w, PRIME_CHECK_PARAM);

Perhaps 18 is a too excessive number.  Are there established
recommendations on what number of repetitions are considered sufficient
for crypto purposes?  Maybe there should be...


More information about the Gnutls-devel mailing list